Back to directory
WRITEUP #675

CVE-2023-37927 & CVE-2023-37928 - Multiple post-auth blind OS command and Python code injection vulnerabilities in Zyxel’s NAS326 devices

RCECode injectionOS command injectionSecurity code review
by@GaborSeljan(Gábor Selján)
Program
Zyxel
Published
Nov 30, 2023
Added to HackDex
Feb 1, 2024
Read Full Writeuphttps://bugprove.com/knowledge-hub/cve-2023-37927-and-cve-2023-37928-multiple-post-auth-blind-os-command-and-python-code-injection-vulnerabilities-in-zyxel-s-nas-326-devices/
RELATED WRITEUPS
Spip Preauth RCE 2024: Part 1, The Feather
RCECode injection
Vulnerabilities in Open Source C2 Frameworks
RCEOS command injection
Getting code execution on Veeam through CVE-2023-27532
RCEInsecure deserialization
Spip Preauth RCE 2024: Part 2, A Big Upload
RCEFile upload
Back To School - Exploiting A Remote Code Execution Vulnerability In Moodle
RCESecurity code review

Built with ❤️ by Shubham Rawat